[Ans.]openssh3.5p1 version ... Password aging problem???
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Tue May 27 07:45:39 EST 2003
On Tue, May 13, 2003 at 07:52:25PM +1000, Darren Tucker wrote:
> The chat-script method is only applicable to SSH2 (with
> MSG_USERAUTH_PASSWD_CHANGEREQ), if you want to support changes with
> protocol 1 you still need passwd-in-session[1]. I think the argument is
> that since it's needed anyway, using it for protocol 2 as well is the
> smallest set of changes.
Absolutely.
> > My binary implementing this is currently 6384 bytes when strip:ed.
>
> How many lines of code is that? Don't forget the reason you're doing this
> is so you don't need ~160 lines of platform-specific change functions
> (that's for AIX and shadow platforms) which is 4416 bytes stripped on
> Linux/i386.
Definitions and data is 65 lines, code 95 lines. Probably 30 more lines of
code before it's done.
> [1] Someone (Frank?) proposed doing this via TIS challenge-response on
> Protocol 1. By my reading of the RFC you only get one challenge and one
> response so in order for that to work you'd need the user to respond with
> something like "oldpassword,newpassword". Of course, I could be wrong.
In any case, your first point is very valid.
//Peter
More information about the openssh-unix-dev
mailing list